Bengaluru-based home services startup Pronto is at the centre of a growing privacy controversy after reports revealed the company was using opt-in video recordings of domestic work inside customers’ homes to train physical AI and robotics systems. An internal investor memo from Glade Brook Capital, reported by Entrackr, described Pronto as seeking to formalise India’s informal labour markets while simultaneously generating proprietary data for physical AI development.
Pronto, in a public statement, said that the recording programme is strictly opt-in, must be affirmed before each booking, and applies to only 0.1 percent of its users. Pronto says it spent months ensuring compliance with India’s legal framework before launching the pilot.
“We worked for months to ensure we go above and beyond what we’re required to do by the law,” said Pronto in a public statement.
“Pronto’s opt-in architecture attempts to satisfy the consent requirement under the DPDP Act. But consent for recording a home is simply not the same as consent for that home becoming an AI training dataset, and conflating these two is where the legal exposure lies,” said Anshul Verma, partner, SKV Law Offices.
Industry reaction
In a statement to ETLegalWorld, a Snabbit spokesperson said that Snabbit does not use any form of in-home video recording, body-camera recording, sensor capture, or customer-home footage collection, and has no plans to introduce such practices. “Trust and privacy are foundational to our business,” the spokesperson said. “We believe there is a clear distinction between understanding emerging technologies and deploying them in customer environments, and Snabbit has consciously chosen not to pursue the latter.”“In the interest of transparency, we were approached by a few players and we studied how this technology works through a limited one-time evaluation in a controlled training-centre environment. But understanding something and deploying it in customers’ homes are entirely different matters. We have never deployed such technology in customer homes, have no partnership with anyone in this regard, and have no intention of changing that now or in the future,” the spokesperson clarified.
Urban Company CEO Abhiraj Singh Bhal publicly stated that his platform does not engage in such practices and has no plans to do so.
“We are in the business of trust, and we take customer trust and privacy extremely seriously. We do not engage in any such activities, have never done so in the past, and have no plans to do so in the future,” Bhal noted.
Consent as a ‘checkbox’
India’s Digital Personal Data Protection Act, 2023 sets a high statutory bar. Consent must be free, specific, informed, unconditional, and unambiguous, and it must be limited to a specified purpose. In the Pronto case, the question is whether a customer booking a home-cleaning service genuinely understood that they were agreeing to have their residence become training material for a commercial robotics programme.
“The pilot today reaches less than 0.01% of our customers. Those who participate are informed – and have to agree – about the recording option at the time of booking, and the choice is theirs to make on a job-by-job basis. They will have to give us consent again for any future bookings,” said Pronto in a statement.
“A checkbox can record consent,” said Rishabh Gandhi, founder, Rishabh Gandhi and Advocates. “It cannot manufacture understanding. Consent for receiving a home service is not the same as consent for turning one’s home into a training environment.”
Malabika Boruah, partner at Naik Naik & Co. said “Burying AI training under vague terms like ‘service improvement’ or bundling it into an all-or-nothing Terms of Service is illegal,” she said, adding that Section 5(1) of the DPDP Act requires a clear, independent notice that itemises exactly what is being collected and why. Blocking access to a basic service because a user refuses to let their home be recorded for AI training, she noted, would directly violate the requirement that consent be unconditional.
Rodney D. Ryder, partner at ANM Scriboard noted, “A customer booking a home service is typically not in a position to negotiate or walk away, which raises whether consent in that context is truly free,” he said. “If the Board eventually takes a purposive interpretation of ‘informed’, bundled AI-training consent in a service contract is going to be very hard to defend.”
Shiv Sapra, partner at Kochhar & Co. said, “In most consumer ecosystems, users are consenting to convenience, not consciously negotiating participation in AI model development,”
What the camera actually captures
The legal exposure deepens when you consider what home footage actually contains. Even a blurred, short-retention recording of a domestic cleaning session can capture household routines, room layouts, entry points, economic indicators, medical equipment, religious objects, children, elderly persons, and the movements of domestic workers – none of whom may have seen a consent screen.
“Faces and other identifying details by design are never meant to be captured. We also have a system in place to automatically blur any personally identifiable information – before it’s ever uploaded. All footage is deleted from our servers within 48 hours. Other than the customer, no human can access or review the footage,” Pronto clarified.
Ryder said, “A model trained to observe a domestic worker’s hand movements to improve a mopping robot can incidentally record behavioural patterns, household routines, who’s home at what time, and possibly even economic indicators from the background of a frame. Once deployed across thousands of homes, the model becomes a kind of distributed surveillance infrastructure that no individual consent transaction ever actually authorised.”
Pronto’s claim that footage is blurred and deleted within 48 hours has been presented as a key safeguard. Legal experts remain sceptical whether it closes the legal gap.
“Blurring and deleting a video may reduce risk, but it does not eliminate it,” said Ryder. “A model can learn household layouts, behavioural patterns, and socio-economic indicators from footage that has been face-blurred.”
Boruah said, “Under the DPDP Act, legal obligations trigger the millisecond processing begins. If an identifiable face, voice, or home layout enters the pipeline, a data processing event has occurred. Quick deletion does not retroactively undo an unauthorized collection.” She added that if model weights or embeddings retain derivative patterns from a private residence, the home continues to be processed within the constitutional protection established by the Supreme Court in Justice K.S. Puttaswamy (2017).
Gandhi said, “If the original collection itself was not based on valid informed consent, later blurring or deletion may reduce harm but may not cure the defect in collection.”
Is India’s privacy law structurally ready?
Legal experts agreed that India’s privacy architecture has the constitutional foundations but lacks the operational infrastructure to regulate physical AI in domestic spaces.
“The real challenge is not merely collection of data, but secondary use,” said Sapra, pointing to how recordings are retained, shared across systems, and used to train future models as areas where “the law presently addresses these issues in fragments, not as a comprehensive AI-governance framework.”
The DPDP Act is yet to be fully operational, after a phased rollout that began in November 2025, leaving pilot programmes like Pronto’s in what Boruah called “a transition window with no live regulator to scrutinise their data collection.”
“The current framework is dyadic (one user, one company). Physical AI recording is polyadic (one consent transaction captures multiple non-consenting bystanders). Section 9 protects children’s data, but it fails when a child is captured incidentally in a video authorized by an adult,” Boruah added.
The Act also contains no location-sensitive data categories; it treats recordings made inside a bedroom identically to data collected in a public park.
“Traditional privacy law was designed largely around databases and digital platforms. Physical AI introduces persistent spatial observation, machine learning from human movement, and autonomous behavioural adaptation. That creates risks closer to surveillance regulation than conventional data processing,” Sapra added. “India will eventually require sector-specific AI governance standards, especially for domestic, healthcare, mobility, robotics, and workplace environments.”
Gandhi said “Existing data protection rules can handle part of the issue,” he said, “but a cleaning or home-service app should not quietly become a data pipeline for robotics or AI training. That is the legal line.”
